Package: akregator Version: 4:3.5.9-5 Severity: important I subscribed to a password protected blog using a feed URL like this one:
http://user:[email protected]/blog/index.rss Under $HOME/.kde/share/apps/akregator/Archive/ akregator creates a file, the name containing not only the feed URL but also the username and password This may expose passwords to other users of the box. -- System Information: Debian Release: 5.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages akregator depends on: ii kdelibs4c2a 4:3.5.10.dfsg.1-0lenny1 core libraries and binaries for al ii libc6 2.7-18 GNU C Library: Shared libraries ii libgcc1 1:4.3.2-1.1 GCC support library ii libkdepim1a 4:3.5.9-5 KDE PIM library ii libqt3-mt 3:3.3.8b-5+b1 Qt GUI Library (Threaded runtime v ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3 akregator recommends no packages. akregator suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
